With the rapid development of information technology, information security has become an important issue in today's digital age. However, information security threats continue to increase, posing a serious threat to information security in public and private sectors. Therefore, this study analyzes the types and patterns of information security threats, including phishing, malware, intrusion attacks, and denial of service, etc., and discusses the corresponding governance policies. This study proposes governance policies for network information security threats, such as the establishment of zero trust architecture, multi-factor authentication and authorization, Red Army drills, etc., implements multi-level protection measures, strengthens security management, and strengthens user authentication and access control.